[Samba] MMC issue
Mariusz80
skorp77 at gmail.com
Tue Dec 5 22:39:25 UTC 2017
Samba - General mailing list wrote
> On Tue, 5 Dec 2017 13:15:53 -0700 (MST)
> Mariusz80 via samba <
> samba at .samba
> > wrote:
>
>> Samba - General mailing list wrote
>> > On Tue, 5 Dec 2017 12:27:24 -0700 (MST)
>> > Mariusz80 via samba <
>>
>> > samba at .samba
>>
>> > > wrote:
>> >
>> >> Samba - General mailing list wrote
>> >> > On Tue, 5 Dec 2017 12:00:55 -0700 (MST)
>> >> > Mariusz80 via samba <
>> >>
>> >> > samba at .samba
>> >>
>> >> > > wrote:
>> >> >
>> >> >> Samba - General mailing list wrote
>> >> >> > On Tue, 5 Dec 2017 11:11:33 -0700 (MST)
>> >> >> > Mariusz80 via samba <
>> >> >>
>> >> >> > samba at .samba
>> >> >>
>> >> >> > > wrote:
>> >> >> >
>> >> >> >> Samba - General mailing list wrote
>> >> >> >> > On Tue, 5 Dec 2017 10:37:02 -0700 (MST)
>> >> >> >> > Mariusz80 via samba <
>> >> >> >>
>> >> >> >> > samba at .samba
>> >> >> >>
>> >> >> >> > > wrote:
>> >> >> >> >
>> >> >> >> >> Hi
>> >> >> >> >> I have a strange problem with Shared folders in MMC.
>> >> >> >> >> While I try to connect to linux machine and list Open
>> >> >> >> >> files or Sessions I got a message "You do not have
>> >> >> >> >> permission to view the list of sessions from Windows
>> >> >> >> >> clients". The problem exists only if I try to connect to
>> >> >> >> >> linux machines (Windows Server is ok), and only for
>> >> >> >> >> Administrator account. From other accounts with
>> >> >> >> >> Administrator priviliges there is no problem at all.
>> >> >> >> >>
>> >> >> >> >> In the logs there is:
>> >> >> >> >>
>> >> >>
>> ../source3/rpc_server/srvsvc/srv_srvsvc_nt.c:1274(_srvsvc_NetFileEnum)
>> >> >> >> >> Enumerating files only allowed for administrators
>> >> >> >> >>
>> >> >> >> >> Any advice?
>> >> >> >> >>
>> >> >> >> >> Thanks
>> >> >> >> >> Mariusz
>> >> >> >> >>
>> >> >> >> >>
>> >> >> >> >>
>> >> >> >> >> --
>> >> >> >> >> Sent from:
>> >> >> >> >>
>> http://samba.2283325.n4.nabble.com/Samba-General-f2403709.html
>> >> >> >> >>
>> >> >> >> >
>> >> >> >> > How is Samba set up on the Linux machine ?
>> >> >> >> >
>> >> >> >> > Rowland
>> >> >> >> >
>> >> >> >> > --
>> >> >> >> > To unsubscribe from this list go to the following URL and
>> >> >> >> > read the instructions:
>> >> >> >> > https://lists.samba.org/mailman/options/samba
>> >> >> >>
>> >> >> >> I did it according to:
>> >> >> >>
>> >> https://wiki.samba.org/index.php/Setting_up_Samba_as_a_Domain_Member
>> >> >> >> My smb.conf:
>> >> >> >> [global]
>> >> >> >> security = ADS
>> >> >> >> workgroup = some
>> >> >> >> realm = some.domain.pl
>> >> >> >>
>> >> >> >> allow trusted domains = Yes
>> >> >> >> winbind use default domain = Yes
>> >> >> >> winbind nss info = rfc2307
>> >> >> >> winbind refresh tickets = Yes
>> >> >> >>
>> >> >> >> log file = /var/log/samba/%m.log
>> >> >> >> log level = 1
>> >> >> >>
>> >> >> >> idmap config * : backend = tdb
>> >> >> >> idmap config * : range = 3000-7999
>> >> >> >>
>> >> >> >> idmap config some : backend = rid
>> >> >> >> idmap config some: range = 10000-999999
>> >> >> >>
>> >> >> >> winbind nss info = template
>> >> >> >> template shell = /bin/bash
>> >> >> >> template homedir = /home/%U
>> >> >> >> username map = /etc/samba/user.map
>> >> >> >>
>> >> >> >> winbind enum users = yes
>> >> >> >> winbind enum groups = yes
>> >> >> >>
>> >> >> >> vfs objects = acl_xattr
>> >> >> >> map acl inherit = yes
>> >> >> >> store dos attributes = yes
>> >> >> >>
>> >> >> >
>> >> >> > Does 'getent passwd Administrator' give any output ?
>> >> >> >
>> >> >> > If it does, try adding this line to smb.conf:
>> >> >> >
>> >> >> > username map = /etc/samba/user.map
>> >> >> >
>> >> >> > Create the user.map:
>> >> >> >
>> >> >> > nano /etc/samba/user.map
>> >> >> >
>> >> >> > it should contain only:
>> >> >> >
>> >> >> > !root = SAMDOM\Administrator SAMDOM\administrator
>> >> >> > Administrator administrator
>> >> >> >
>> >> >> > That is all on one line, replace 'SAMDOM' with your workgroup
>> >> >> > name and, if required, change the '/etc/samba' path to the
>> >> >> > path to your smb.conf.
>> >> >> >
>> >> >> > Rowland
>> >> >> >
>> >> >> > --
>> >> >> > To unsubscribe from this list go to the following URL and read
>> >> >> > the instructions:
>> >> >> > https://lists.samba.org/mailman/options/samba
>> >> >>
>> >> >> getent passwd Administrator
>> >> >> administrator:*:10500:10513::/home/administrator:/bin/bash
>> >> >>
>> >> >> smb.conf already contains user.map
>> >> >>
>> >> >
>> >> >
>> >> > The fact that 'Administrator' has an ID that isn't '0' means
>> >> > that, to Linux, Administrator is just another user and can only
>> >> > do what any normal user can do.
>> >>
>> >> In fact on my dc Administrator has an id=0 and mmc is working
>> >> correctly. How can I solve that ?
>> >
>> > This is because on a DC, the mapping is done in idmap.ldb, so you
>> > don't need the user.map on a DC
>> >>
>> >>
>> >> > You could try running 'net cache flush'
>> >>
>> >> net chache flush doesn't give any output and nothing change.
>> >
>> > If 'doesn't give any output' means that 'getent passwd
>> > Administrator' doesn't show what it did before, then try again from
>> > windows, it should now work.
>> >
>> > If you are still getting output from 'getent passwd Administrator',
>> > please post your smb.conf
>> >
>> > Rowland
>> >
>> > --
>> > To unsubscribe from this list go to the following URL and read the
>> > instructions: https://lists.samba.org/mailman/options/samba
>>
>> getent passwd Administrator still shows:
>> administrator:*:10500:10513::/home/administrator:/bin/bash
>>
>> smb.conf:
>> [global]
>> security = ADS
>> workgroup = some
>> realm = some.domain.pl
>>
>> allow trusted domains = Yes
>> winbind use default domain = Yes
>> winbind nss info = rfc2307
>> winbind refresh tickets = Yes
>>
>> log file = /var/log/samba/%m.log
>> log level = 1
>>
>> idmap config * : backend = tdb
>> idmap config * : range = 3000-7999
>>
>> idmap config some : backend = rid
>> idmap config some: range = 10000-999999
>>
>> winbind nss info = template
>> template shell = /bin/bash
>> template homedir = /home/%U
>>
>>
>> username map = /etc/samba/user.map
>>
>> winbind enum users = yes
>> winbind enum groups = yes
>>
>> vfs objects = acl_xattr
>> map acl inherit = yes
>> store dos attributes = yes
>
> OK, I started a VM running a Unix domain member that uses the 'rid'
> backend and it does work in the same way as yours, I get the same
> result for 'getent passwd Administrator'.
>
> I then started another VM running Windows 7, logged in as
> Administrator, connected to a share on the Unix domain member and via
> the security tab for the share, added permissions for another user.
>
> So, whilst I didn't expect it to work, it did.
>
> Rowland
>
>
> --
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba
Well permisions are working fine but, if i create for example "new folder"
then the owner is root and what about the main problem with mmc.
Mariusz
--
Sent from: http://samba.2283325.n4.nabble.com/Samba-General-f2403709.html
More information about the samba
mailing list